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@ Method and apparatus for privacy of traffic behavior on a shared medium passive optteal network. 



(5^ The present invention provides a telecom- 
munication network utilizing a passive optical 
network connecting a plurality of network ter- 
minations to a local exchange. Information cells 
and commands are transmitted on the network 
by the local exchange to all the network termi- 
nations. The information cells and commands 
contain routing address information for the par- 
ticular network temni nation to which the infor- 
mation cell or command is destined. The 
address information contains the address of the 
destination network tenmination and additional 
identifier bits to facilitate encryption of the 
address information for security and privacy of 
traffic behavior without produdng misdelivery 
occurrences. In addition, a system for re- 
peatedly changing encryption patterns for the 
network tenninations which detects misdelivery 
conditions Is provided. 
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Field of the Invention 

The present invention pertains to cryptographic 
communication in general, and more particularly to 
the encryption of routing information of data transmit- 
ted on a shared medium network. 

Background of the Invention 

Optical transmission systems have enjoyed in- 
creasing usage throughout telephone network and 
switching systems. For example, optical fiber sys- 
tems have replaced copper based transmission sys- 
tems in many trunk and junction networks. As optical 
fiber systems become more pervasive in the user 
area of the telecommunication system, better and 
less expensive usage of the capabilities of optical fib- 
er transmission systems will be in demand. 

Within the user area, a contemplated application 
of optical transmission systems is for connection to a 
broadband integrated services digital network 
("BISDN") for providing Interactive services including 
the distribution of video signals in the local loop. The 
optical transmisston system configuration envisbned 
for such a connection network is a shared medium 
passive optical network ("PON") having a tree-andr 
branch topology. This topology provides a cost- 
effective way to connect small businesses and resi- 
dential subscribers to an BISDN, and has been used 
in several field trials for Plain Old Telephony Services 
and distributive services, such as the Amsterdam- 
Sloten Fibre to the Home Field which is described in 
H.H. Grotjohann, R Jaeger and P.E. Schaafsma, 
Dutch FTTH on Trial, Communications International, 
p. 49 (January 1992). 

In a PON, the optical fiber is shared by a group 
of customers. Further, in a PON having a tree-and- 
branch topology, a single fiber emanates from a local 
exchange and fans out via passive optical splitters 
and tree couplers to a plurality of service customers. 

One conventional method for transmitting infor- 
mation from the local exchange to individual custom- 
ers utilizing such a topology is as follows. Information 
is transmitted in packets or cells. Each transmitted 
cell contains data and address information of the in- 
tended destination customer. All information cells are 
transmitted through the entire PON to receivers locat- 
ed at the ends of the network which are called net- 
work terminations. Each network termination is con- 
nected to a corresponding customer or group of cus- 
tomers. When a network termination receives an in- 
formation cell, it compares its address with the ad- 
dress contained within the cell. When the addresses 
match, the ceil Is passed to the proper customer. 
When a match is not detected, the network termina- 
tion blocks the received information and does not 
transmit it to the customer. 

Encryption of the data contained in information 



cells has been used to avoid the potential problem of 
eavesdropping by unscrupulous customers tapping 
into their network terminations. If the data was not en- 
crypted, an unscrupulous customer would have ac- 

5 cess to all the information transmitted on the PON by 
the local exchange. Encrypted information cells, on 
the other hand, are properly deciphered only by the 
intended destination network terminatbn. To insure 
this result, the same key is used by the LT and des- 

10 tination NT for encryption and decryption, respective- 
ly. A different key is associated with each NT 

One conventk>nal method of encryption is to 
combine an information cell with a pseudo-random 
stream of binary bits using modulo 2 addition. Gen- 

15 eration of the pseudo-random sequence can be ac- 
complished by dedicated hardware, such as feedback 
shift registers, or in software. Deciphering the en- 
crypted information stream occurs by combining, us- 
ing modulo 2 addition, the encrypted information cell 

20 with the identical pseudo-random sequence used for 
encryption. 

Some prior art systems have utilized encryption 
on all parts of the information cell except for the rout- 
ing address information. As a result, conventional 

25 methods of encryption of data cells would not prevent 
an.unscrupulous customer from obtaining.information 
concerning the frequency of transmissions to or from 
the other customers on the network. 

Encryption of the address information is desir- 

30 able to insure privacy of traffic behavior of customers 
on the network. However, typical prior art systems 
have not encrypted the address information because 
of the inherent problem of extraneous transmissions 
of encrypted information cells to non-destination cus- 

36 tomers. These extraneous transmissions or misdeli- 
veries present a security risk to the data contained in 
the information cells, as well as a burden to the con- 
trol circuitry within the non-destination NTs. Misdeli- 
veries occur when non-destination network termina- 

40 tions use their respective decryption patterns on the 
routing address information of the received informa- 
tion cells, and inadvertently produce addresses that 
are equal to their own. As a consequence, the still en- 
crypted cells will be transmitted to unintended cus- 

45 tomer premises networks. 

Summary of the Invention 

The present invention is a telecommunication 
50 system for a PON incorporating an encryption meth- 
od for the routing address information of transmitted 
information cells. The method of encryption utilizes 
additional binary bits appended to the routing ad- 
dress information within each transmitted information 
55 cell. The additional bits may be redundant of informa- 
tbn that is contained in particular bits in the routing 
address information. The added bit information expo- 
nentially increases the number of possible encryption 
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patterns available to encrypt the routing address 
fields which facilitates the selection of encryption pat- 
terns that eliminate the potential for misdeliveries. 
The use of additional bits can also be applied to rout- 
ing address information of encrypted commands 
transmitted by the local exchange granting permis- 
sion to particular NTs to send data upstream. In this 
way also the privacy of the upstream traffic can be 
achieved. 

An advantage of the present invention is the in- 
creased security achieved by maintaining privacy of 
information cell traffic behavior at minimal additional 
expense. Another advantage of the present invention 
is the substantial reduction of the possibility of mis- 
delivery. Yet another advantage of the present inven- 
tion Is the prevention of an NT of misinterpreting a 
command to transmit data which was destined for an- 
other NT. 

Brief Description of the Drawings 

FIG. 1 illustrates a prior art telecommunication 
system local loop having a passive optical net- 
worl^ with the preferred tree-and-branch topolo- 
gy; 

FIG. 2 Illustrates a prior art format for an asyn- 
chronous transfer mode cell that is transmitted 
on the network of FIG. 1 ; 

FIG. 3 is an Illustration of the passive optical net- 
work of FIG. 1 with eight network terminations; 
FIG. 4 is a table illustrating disadvantages of con- 
ventional techniques for the encryption of routing 
address information of information cells transmit- 
ted on the passive optical network of FIG. 3; 
FIG. 5 is a passive optical network with extended 
routing address fields according to the present in- 
vention; 

FIG. 6 is a schematic diagram of a circuit for use 
in a line termination of the passive optical net- 
work of FIG. 5; 

FIG. 7 is a suitable format for a memory device 
used in the circuit of FIG. 6; 
FIG. 8 is a flow diagram of a routine used in the 
circuit of FIG. 6 to generate new encryption pat- 
terns according to the present invention; 
FIG. 9 is a schematic diagram of a suitable circuit 
that can be used in each of the network termina- 
tions in a system according to the present inven- 
tion; 

FIG. 10 is a flow diagram of a processing se- 
quence suitable for use in the circuit of FIG. 9; and 
FIG. 11 is a suitable format for a memory device 
to be used in the circuit of FIG. 9. 

Detaiied Description 

A PON 10 with a tree-and-branch topology is 
shown in FIG. 1 . In one embodiment of the present in- 



vention, it is envisioned that a network, such as the 
network 10 will be utilized for the transportation of 
asynchronous transfer mode ("ATM") information 
cells. In the network of FIG. 1, the information trans- 

5 mitted throughout the PON 10 is controlled at a local 
exchange 11 and line termination ("LT") 12. At the 
other side of the PON 10 there are a number of net- 
work terminations ("NT*) 14. Each NT 14, In turn, is 
connected to a customer premises network 16. 

10 Information is transmitted downstream from lo- 

cal exchange 11 through LT 12 to each of the NTs 14 
and ultimately to the customer premises networks 1 6. 
The downstream traffic consists of information com- 
prising a flow of ATM cells of the form shown in Fig. 

15 2. The entire information stream is transmitted to all 
of the NTs 14. Each NT 14 sequentially extracts and 
processes the ATM cells from the stream and identi- 
fies those cells for which it is the intended destination. 
It then routes the identified cells to the associated 

20 customer network 1 6. 

One f bced length data forniat used for the trans- 
mitted ATM cells is shown in FIG, 2. Asynchronous 
transfer mode or ATM is a technique for multiplexing 
and switching within a network for the transfer of 

25 data. A more detailed description of a standard ATM 
cell format is described in CCITT Recommendations 
1.361 , B'iSDN ATM Layer Specification, Study Group 
XVIII, Report R-116, p. 2 (July 1992). 

Referring to the data format of FIG. 2, an ATM cell 

30 30 has a fixed length of 53 bytes which comprises: an 
ATM cell header 32 with 5 bytes, and an ATM cell pay- 
load 34 with 48 bytes. The ATM cell payload 34 con- 
tains the information transmitted by the sending par- 
ty. The address information indicating the particular 

35 destination NT 14 for each cell may either be located 
in a virtual path identifier field 36 ("the VPI field") hav- 
ing 12 bits and/or the virtual channel identifier field 
38 ("the VCI field") having 16 bits in the ATM cell 
header 32. 

40 When the ATM cell 30 is transmitted on the PON 

network 10 in the downstream direction, it is preced- 
ed by a preamble 31 containing control information. 
The operations controlled by the 3 bytes of the pre- 
amble 31 are unrelated to encryption of the down- 

45 stream cell and include such functions as laser con- 
trol and upstream traffic control. However, an alter- 
native location for the destination address informa- 
tion for the cell may be in the preamble 31. 

The preamble 31 may also contain a command, 

50 called a permit, which controls upstream traffic by au- 
thorizing a particular NT 14 to transmit information in 
the upstream direction to the LT 1 2. A permit contains 
the address information of the particular NT 14 to 
which the command is directed. In general, the des- 

55 tination routing address of the permit in the preamble 
31 can be different than that of the accompanying 
ATM information cell 30. 

Referring back to the prior art PON 10 of FIG. 1, 
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ATM cells transmitted in the downstream direction 
from the LT 12 to the NTs 14 are encrypted. The entire 
ATM cell except for the routing address information is 
encrypted in the LT 12 by combining the ATM cell with 
a particular pseudo-random sequence encryption 5 
pattern using modulo 2 addition. The particular en- 
cryption pattern used is based on the particular des- 
tination NT 14. As is stated above, each ATM cell is 
transmitted to all the NTs 1 4 in an information stream. 

Upon receipt of an encrypted ATM cell, each NT io 
14 will examine the non*encrypted address field and 
determine whether it is the intended destination NT. 
If a particular NT 14 is the intended destination, that 
particular NT 14 will decrypt the encrypted ATM cell 
by combining its decryption pattern with the cell using 15 
modulo 2 addition. The particular decryption pattern 
used by an NT is identical to the pseudo-random se- 
quence used for encryption of a cell that is destined 
for that NT. If the particular NT determines that it is not 
the intended destination, no decryption operation will 20 
occur. If the routing address information of the ATM 
cell is encrypted, then each of the NTs 14 must add 
their decryption pattern to the received address infor- 
mation to determine if the ATM cell is addressed to it. 

The disadvantage of encrypting the address in- 25 
formation of an ATM cell or a permit according to_ a. 
typical prior art PON will now be described with ref- 
erence to FIGS. 3 and 4. In FIG. 3, a simple PON 20, 
for purposes of illustration, is shown with an LT 22 
connected to eight NTs 140-147. Column 15 contains 30 
the decimal address information for each NT 140-147 
in the network 20. The decimal routing addresses for 
the eight NTs 140-147 are 0-7, respectively. Three 
bits of the VPI/VCI field 36 and 38 of the ATM cell 30 
(shown in FIG. 2) are required for binary transmission 35 
of the routing address information for the simple PON 
20 of Fig. 3. 

Table 300 of FIG. 4 illustrates the various results 
obtained for the encryption and decryption of the ad- 
dress fields of ATM cells destined for delivery to one 40 
of the NTs 142, 144 and 145 in the PON 20 of FIG. 3. 
In the table 300 of FIG. 4, column 310 contains the 
decimal address numbers 2, 4 and 5 for the three NTs 
142, 144 and 145, respectively, and column 320 con- 
tains the corresponding three-bit binary equivalent 45 
addresses. 

Three-bit segments or fragments of the unique 
pseudo-random sequences used for encryption of the 
address fields of information cells destined for deliv- 
ery to the NTs 142, 144 and 145 are contained in col- 50 
umn 330. The pseudo-random sequences are gener- 
ated in the LT 22 and have a total length equal to that 
of the ATM cell. The code fragments listed in column 
330 are the portions of the pseudo-random sequenc- 
es which correspond to, or operate on, the routing ad- 55 
dress fields of the ATM cells. 

Column 340 contains a listing of the correspond- 
ing encrypted routing address information calculated 



in the LT 22 from the relationship: 

Encrypted AddressK = K © Encryption Pat- 
ternK(Address field) where K corresponds to the des- 
tination NT binary address such as those listed in col- 
umn 320, 0 represents modulo 2 addition, and en- 
cryption patternK (Address field) denotes the address 
field portion of the encryption pattern used on ATM 
cells destined for NTk, such as those listed in column 
330. Thus, in row 345, the binary entry Oil in column 
340 corresponds to the encrypted routing address in- 
formation of an encrypted Information cell transmit- 
ted to NT 142 and is the result of combining by modulo 
2 addition the binary NT address, 010, in column 320, 
and the binary encryption pattern fragment, 001, in 
column 330. 

The data contained in column 350 pertains to op- 
erations that occur within the NT 145 upon receipt of 
information cells containing the encrypted address in- 
formation of 340. The resulting information after an 
NT applies its decryption pattern to a received ATM 
cell will be referred to as a processed cell. Column 
350 contains the address field portions of the proc- 
essed cells which result after NT 145 has added its 
particular decryption pattern to the encrypted ad- 
dress information in column 340. The address field 
portions of the processed ceils will be referred to as 
the processed address field values. 

The processed address field values in column 
350 were generated by combining the encrypted cell 
information of column 340 with the binary decryption 
pattern fragment 110 for the NT 145 using modulo 2 
addition. The binary decryption pattern fragment 110 
is identical to the binary pseudo-random encryption 
pattern fragment 331 in column 330 which was used 
to encrypt the routing address information of all ATM 
cells destined for NT 145. 

A misdelivery problem will be discussed in con- 
junction with an entry 353 in column 350. Entry 353 
illustrates a processed address field value for an ATM 
cell destined for NT 142 which has erroneously been 
decrypted as binary 101, or a decimal five, the ad- 
dress of the processing NT 145. As a result, the cor- 
responding processed ATM celt, which has not been 
properly decrypted, would erroneously be delivered 
to the associated customer premises network. Utiliz- 
ing the encryption pattern 331 of column 330 for the 
NT 145, such a misdelivery will occur for each infor- 
mation cell destined to NT 142. 

Misdeliveries pose a security risk for the trans- 
mitted information as well as a burden on the proc- 
essing circuitry in the associated customer premises 
networks. The misdelivery of the processed cell by 
NT 145 described above in no way effects the proper 
processing and delivery of the ATM cell by NT 142. 

The principles discussed with regard to FIG. 3 are 
also applicable to systems with greater or lesser NT 
capacity. A typical PON supports 32 NTs, and thus, 
requires the use of five bits for the routing address in- 
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formation of the 28 bits of the VPI/VCI fields 36 and 
38 of an ATM cell 30 (shown in FIG. 2). Although the 
misdelivery problem discussed above with regard to 
FIGS. 3 and 4 pertains to the encryption of ATM In- 
formation cells, it will be readily understood by those 5 
skilled in the art that the encryption of the routing ad- 
dress information of permit commands will suffer 
from similar misdelivery problems in conventional 
PON systems. 

In a telecommunication system employing up to io 
2" NTs and utilizing an n-bit routing address field, 
there will be only 2" possible encryption patterns to 
perform the functions of maintaining privacy of traffic 
behavior and avoidance of misdelivery situations. 
Thus, in a PON utilizing 32 NTs and a five bit destin- is 
ation address field, there are only 32 possible encryp- 
tion pattern fragments available to operate on the ad- 
dress fields of the transmitted information cells to the 
32 NTs. Because of this small number of possible en- 
cryption pattern fragments relative to the number of 20 
NTs, there is a substantial likelihood that in assigning 
one of the 32 encryption patterns to a corresponding 
one of the 32 NTs a misdelivery condition would re- 
sult. Further, it is undesirable to use the same encryp- 
tion pattern for more than one NT because if an un- 25 
scrupulous person obtains the particular encryption 
pattern, he will be able to decipher data and com- 
mands transmitted to the two corresponding NTs. 

The present invention provkles a method and ap- 
paratus which utilizes an expanded routing address 30 
field to substantially increase the number of possible 
encryption patterns available to the number of NT ad- 
dresses. As shown in FIG. 5, a PON 100 has an LT 
120, connected to 32 NTs 240-271 whose decimal 
routing addresses are 0-31, respectively. For simpli- 35 
city and clarity of illustration, only a subset of NTs 
240-271 and oonresponding address information is 
shown. The decimal NT address information corre- 
sponding to the NTs 240-271 is shown in the address 
column 280. In this system, a binary expanded ad- 40 
dress containing seven bits instead of the usual five 
bits has been reserved in the VPI/VCI fields 36 and 
38 of the ATM cell for the routing address information 
corresponding to the 32 NTs 240-271. 

Column 290 contains the binary expanded ad- 45 
dress for each NT 240-271. A five bit subcolumn 291 
contains the binary equivalent of the decimal NT ad- 
dress information of column 280. Atwo bit subcolumn 
292 contains the additional identifier bits of the ex- 
panded address information. The additional identifier 50 
bits may be redundant of information that is contained 
in the address subcolumn 291. For example, in FIG. 
5, the additional identifier bits in column 292 corre- 
spond to a first and fourth bit of the information con- 
tained in subcolumn 291 . This relationship is illustrat- 55 
ed for entry 295 of column 290. 

In addition, the additional identifier bits of column 
292 may be generated by some other processing 



techniques using the five-bit NT address information. 
For example, the additional identifier bits may be de- 
rived using particular boolean operations involving 
the five bit NT address information of subcolumn 291 . 

The addition of the additional identifier bits adds 
minimal cost to the processing of routing information 
in the LT 120 and NTs 240-271. More importantly, it 
will allow selection of 128, i.e., 2^, possible encryption 
pattern fragments for the routing address information 
of the 32 NTs 240-271 . As a consequence, the poten- 
tial for a misdelivery occurrence is significantly re- 
duced or eliminated. 

An advantage of the present invention is that con- 
ventional encryption techniques selected for opera- 
tion on the ATM cell payload can now operate on the 
entire cell including the expanded routing informa- 
tion. No new complicated encryption techniques are 
required. 

To further increase the level of security of a PON 
system 100 according to the present invention, it is 
desirable to repeatedly change the particular encryp- 
tion pattern used for each of the NTs 240-271. Fur- 
ther, as it is generated, each new encryption pattern 
should be tested to determine if it would cause a mis- 
delivery occurrence. A suitable encryption and verifi- 
cation circuit 400 according to the present Invention 
for use in the LT 120 for transmission is illustrated in 
FIG. 6. 

In FIG. 6, ATM cells received from a local ex- 
change 411, such as the local exchange 111 of FIG. 
5, are applied to a destination address field extractor 
401 and a modulo 2 adder 402. The address field ex- 
tractor 401 is further connected to an address input 
403 of a memory device 404. The memory device' 404 
contains a table of active pseudo-random sequences 
used to encrypt ATM cells destined to the various NTs 
240-271 of FIG. 5. A suitable format for the table of 
memory device 404 is shown in FIG. 7 which is dis- 
cussed below. A data output 405 of the menrK>ry de- 
vice 404 is connected to the modulo 2 adder 402. The 
modulo 2 adder 402 generates the encrypted ATM 
cells which are transmitted to the NTs 240-271 of FIG, 
5 by adding the ATM cells received from the local ex- 
change with the proper pseudo-random sequences 
received from the memory device 404. 

A processing unit 406 is connected to the menv 
ory device 404 by a data output line 407, a data input 
line 408 and an address line 409. An optional pseudo- 
random sequence generator 410 may be connected 
to the processing unit 406 as shown in FIG. 6. 

In operation, the circuit 400 encrypts and trans- 
mits an ATM cell received from the local exchange by 
first reading the destination address information con- 
tained in the ATM cell with the address field extractor 
401 . The destination address information is then used 
as an address pointer to the corresponding location 
in the memory device 404 to retrieve the proper pseu- 
do-random sequence for the destination NT. The re- 
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trieved pseudo-random sequence is then applied to 
the memory device output 405. The modulo 2 adder 
402 then combines the ATM cell with the retrieved 
pseudo-random sequence on the memory device out- 
put 405 to form the encrypted ATM cell which is then 5 
transmitted on the network. 

A suitable format for the table of memory device 
404 is shown in FIG. 7. In an Information table 420 of 
FIG. 7, column 421 contains the encryption patterns 
combined by modulo 2 addition with the particular io 
corresponding expanded address information as is 
represented by Crypt e Address, for each one of the 
NTs 240-271 in PON 100 of FIG, 5. The numbers in 
column 422 are the memory location designators for 
each one of the 32 locations of the memory table 420. 15 
For example, the active pseudo-random encryption 
pattern contained at memory location 2 is the encryp- 
tion pattern for information cells destined for NT 242, 
which has a decimal address equal to a 2 as shown 
In row 425 of FIG. 7. As shown at entry 426 in FIG. 5, 20 
the expanded binary address for the NT 242 is a bi- 
nary 0000010. The reason for combining the expand- 
ed address information with the encryption pattern 
and storing the result in memory prior to encryption 
of an information cell is discussed below In oonnec- 25 

- tion with FIG. 8. 

In FIG. 6, the processing unit 406 performs the 
periodic generation of new encryption patterns for 
use in the PON 100 of FIG. 5. Further, prior to use of 
any newly generated encryption pattern, the process- 30 
ing unit 406 performs a verification routine to detect 
if the newly generated encryption pattern would 
cause a misdelivery occurrence. By repeatedly 
changing the active encryption patterns, no particu- 
lar encryption pattern is used for a sufficiently long 35 
enough period of time to permit a person who has tap- 
ped Into the network to identify and use an encryption 
pattern to decipher information celts encrypted with 
that pattern. 

A suitable generation and verification routine 500 40 
for the processing unit 406 of FIG. 6 is shown in FIG. 
8. The routine 500 tests each newly generated en- 
cryption pattern by comparing it to each of the active 
pseudo-random encryption patterns in memory de- 
vice 404 of FIG. 6. The generation and verification 45 
routine 500 utilizes these comparisons to determine 
whether a misdelivery occurrence would result if the 
newly generated encryption pattern is employed. If a 
misdelivery occurrence is detected, the new encryp- 
tion pattern is discarded and a new pattern is gener- so 
ated for verification. 

Referring to FIG. 8, in step 510, a new pseudo- 
random encryption pattern, cryptnew. is generated for 
possible use for an NTa, where a is the decimal NT ad- 
dress of the particular NT. The pseudo-random en- 55 
cryption pattern may be generated in the processing 
unit 406 of FIG. 6, or an optional pseudo-random se- 
quence generator 41 0 as shown in FIG. 6. An expand- 



ed address corresponding to the NT address a is then 
calculated in step 515 and is represented by the value 
expanded a. An address pointer K is then initialized 
to zero in step 520. The address pointer K will be used 
to retrieve the active pseudo-random encryption pat- 
tern for each of the NTs 240-271 from memory device 
404 of FIG. 6 for testing against the newly generated 
encryption pattern, cryptnew. The address pointer K 
will also be used as a loop counter for the routine 500. 

The address pointer K is then tested in step 530, 
and if the address pointer K is equal to the value a, 
the generation and verification routine 500 proceeds 
to step 570 because no verification needs to be per- 
formed of the encryption pattern at memory location 
a as the new encryption pattern was generated to re- 
place the encryption pattern stored at that memory 
location. In the alternative, if in step 530, it Is deter- 
mined that K does not equal a, the generation and ver- 
ification routine 500 proceeds to step 540. In step 
540, the active encryption pattern at memory location 
K Is retrieved as indicated by testK for testing against 
the newly generated encryption pattern, cryptnew- 
The active encryption pattern stored in the memory 
device 404 have previously been combined with the 
corresponding expanded address information as de- 
-scribed.above with reference. to_FIG._7,.and ^patterns 
are represented by CryptK © AddressK in step 540. 
Thus, the address field portion of the value testK the 
address portion of the encryption pattern combined 
with a corresponding binary expanded address using 
modulo 2 addition. 

A value sumK is then calculated in step 550 by 
combining, using modulo 2 addition, the expanded 
address field portion of the value testK with the ex- 
panded address field portion of the new encryption 
pattern, cryptnew- The mathematical operations per- 
formed in step 550 can be regarded as an emulation 
of the decryption operations that would occur in the 
NTk if the newly generated encryption pattern, crypt- 
new was used for NTk- 

The address field portion of sumK. which is rep- 
resented by sumK (address field) Is then tested in step 
560, and if it is equal to the value expanded K, a mis- 
delivery event would occur if cryptnew were to be used 
for encrypting ATM cells destined for the NTa. if such 
a cryptnew were used, all information cells destined for 
the NTa would be misdelivered to the NTk. As a result, 
if the address f ield portion of the value sumK is equal 
to the value expanded a, the generation and verifica- 
tion routine 500 proceeds to step 510 and generates 
a new encryption pattern. On the other hand, if the 
address field portion of the value sumK is not equal to 
the value expanded a in step 560, then the generation 
and verification routine 500 proceeds to step 570. 

In step 570, if address pointer K is not equal to the 
highest address K^ax of the NTs 240-271 of the PON 
100, the generation and verification routine 500 in- 
crements the address pointer K in step 580 and pro- 



BNSDOCID: <EP 0660570A2 I > 



11 EP 0 660 2 

ceeds to test the newly generated encryption pattern. 
crypt„ew> against the encryption pattern of the NT at 
the address of the incremented K by performing steps 
530 through 560 with the incrennented K. In the alter- 
native, if the address pointer K is equal to the highest 5 
address, K^ax. the newly generated encryption pat- 
tern, cryptnewt has been successfully tested against 
all the active NT encryption patterns for detection of 
misdeliveries and the generation and verification rou- 
tine 500 proceeds to step 590. io 

In step 590, the newly generated encryption pat- 
tern, cryptnew> IS combined by modulo 2 addition with 
its corresponding expanded binary address, the val- 
ue expanded a, and the combined pattern is then 
loaded into the memory device 404 at location a. By is 
storing the new encryption pattern in memory device 
404, the pattern then becomes the active pseudo- 
random encryption pattern used to encrypt cells des- 
tined for the NTg. The corresponding particular NT 
240-271 at address a is then notified of the encryp- 20 
tion pattern change in step 595. 

It will be readily understood by those skilled in the 
art that the generation and verification routine 500 
described above can be modified to operate in a PON 
system that stores the active pseudo-random encryp- 25 
tion patterns in memory 404 of FIG. 5 without com- 
bining them with their respective expanded address 
information. If the additional identifier bits of the ex- 
panded address information contains redundant in- 
formation or other predictable information, the proc- 30 
essing unit 406 can calculate a respective expanded 
address and combine It with the respective encryp- 
tion pattern from memory device 404 in generating 
the value testK In step 550 of FIG. 8. 

The generation and verification routine 500 35 
should be periodically performed for each of the re- 
spective NTs of the PON by the processing unit 406 
of FIG. 6. The processing unit 406 may use any meth- 
od to determine the order in which the particular NTs 
240-271 of FIG. 5 are to have their corresponding en- 40 
crypt ion patterns updated. The routine 500 may gen- 
erate and verify new encryption patterns for each of 
the NTs in a sequential order or in a random fashion. 
Further, the NTs may be ranked in a manner corre- 
sponding to the required level of security of the cus- 45 
tomer associated with a particular NT. The ranking of 
NTs may be used to ensure that the NTs associated 
with customers requiring a higher level of security will 
have their corresponding pseudo-random encryption 
patterns updated more frequently than those NTs as- 50 
sociated with customers requiring a lower level of se- 
curity. 

FIG. 9 is a schematic diagram of a suitable circuit 
600 for use in each of the NTs 240-271 of FIG. 5 to 
determine whether an ATM cell containing encrypted 55 
expanded address information is to be transmitted to 
an associated customer premises network. In FIG. 9, 
each of the received encrypted ATM cells by an NT Is 
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applied to an input 611 of a processing unit 610. An 
output 615 of the processing unit 610 is connected to 
an associated customer premises network 616, such 
as customer premises network 16 of FIG. 1. Process- 
ing unit 610 is also connected to memory devices 620 
and 630. 

Memory device 620 contains the decryption pat- 
tern for the NT and memory device 630 Is a memory 
table of commands directing whether or not a proc- 
essed cell should be transmitted to the customer 
premises network 616. For example, the commands 
contained at a particular memory location of memory 
device 630 may be a "Go" Indicating the processed 
cell should be transmitted to the associated customer 
premises network or a "NoGo" indicating the cell 
should be discarded. A suitable storage format for 
memory device 630 is shown in FIG. 11 which is de- 
scribed below. The processing unit 610 of FIG. 9 ex- 
tracts data contained in the memory device 630 using 
an address line 636 and a data input line 637. 

FIG. 10 depicts a suitable processing routine 700 
for use by the processing unit 61 0 of FIG. 9 to deter- 
mine whether a received ATM cell should be delivered 
to the associated customer premises network 616. In 
step 710 of routine 700, a processed cell Is derived by 
combining, using modulo 2 addition, a received en- 
crypted information cell with a particular decryption 
pattern for the processing NT. The particular encryp- 
tion Is retrieved from the memory device 620 of FIG. 
9. Then, in step 720, an address pointer L is defined 
as the contents of the address field portion of the 
processed cell which was generated in step 710. The 
processing routine 700 proceeds to step 730, where 
a command is retrieved from the memory device 630 
of FIG. 9 at a memory locatk>n corresponding to ad- 
dress pointer L. 

The retrieved command is then tested In step 
740, and If the command indicates that the processed 
cell Is to be delivered to the associated customer 
premises network, the processing routine 700 pro- 
ceeds to step 750, otherwise the processing routine 
700 proceeds to step 760. For example, in the menrv 
ory device 630 described above containing the com- 
mands Go and NoGo, if the command retrieved in 
step 730 is a Go then the routine 700 proceeds to step 
750. in the alternative, if the retrieved command was 
a NoGo then the routine 700 proceeds to step 760 
from step 740. In step 750, the processed cell is de- 
livered to the associated customer premises network, 
and conversely, in step 760, the processed cell is dis- 
carded. The processing routine 700 is repeated for all 
ATM cells. 

A suitable memory table format 800 for com- 
mands contained In the memory device 630 of FIG. 9 
Is shown In FIG. 11. Referring to FIG. 11, the memory 
table 800 has a command corresponding to a "Go" or 
"NoGo" in each of its memory locations. The com- 
mands contained In the respective locations of mem- 
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ory table 800 are shown In column 810. A command 
entry exists for each one of the possible expanded 
address values. Each connmand In column 81 0 is stor- 
ed at a memory location having a particular decimal 
address as shown in column 820. For example, in a 5 
command entry 830 at decimal address 2 is a "Go" in 
column 810 indicating that a processed cell having an 
expanded address equal to a decimal 2 should be de- 
livered to the associated customer premises network 
616 of FIG. 9. Likewise, the corresponding command io 
for a processed cell having an expanded address 
other than a 2 is "NoGo" in the memory table 800 
which indicates that the processed cell should be dis- 
carded and not delivered to the associated customer 
premises network 616. is 

A benefit of using the memory table configuration 
800 of FIG. 11 is the ease with which an NT possess- 
ing more than one address can be implemented. To 
Implement such an NT, the table configuration of 
memory device 630 of FIG. 9 should contain a "Go" 20 
command at all the memory locations corresponding 
to the expanded addresses which are to be used for 
that particular NT. It will be readily understood by 
those skilled in the art that the memory device 630 of 
FIG. 9 can be replaced by suitable control logic circui- 25 
try or other means that will generate an output value 
corresponding to a "Go" command for the particular 
expanded address or addresses of that NT and a 
"NoGo" command for all other addresses. 

A PON 100 according to the present invention 30 
employing expanded address information for the rout- 
ing of ATM celts provides a substantially higher level 
of security and privacy of traffic behavior than in prior 
art networks without the disadvantages Inherent in 
the prior art networks. In a PON 100 having 32 NTs. 35 
it is preferred that two or more additional identifier 
bits be used to achieve adequate performance in the 
generation of new encryption codes. A further In- 
crease in the level of security can be achieved by the 
repeatedly generation and verification of new encryp- 40 
tlon patterns for each of the NTs according to the 
present invention. 

While the present invention has been described 
in terms of a conventional format for an ATM cell 
transferable on a shared medium passive optical net- 45 
work, it should be apparent that the present invention 
need not be limited to a passive optical system, but is 
applicable to other shared mediums where encryp- 
tion is performed, such as copper wire or wireless 
systems. In addition, the Invention can also be imple- so 
mented in other network topologies such as ring or 
bus configurations, or used with other types of infor- 
mation packet or packet cell formats, fixed length or 
otherwise. 



Claims 

1. A circuit for the generatfon and validation of new 
encryption patterns for the transmission of data 
cells and commands on a shared medium net- 
work having a line termination transmitting the 
data cells and commands, and a plurality of net- 
work temiinations, each transmitted data cell or 
command containing encrypted address informa- 
tion of Its destination network termination, the 
address information being the destination net- 
work termination address plus additional identifi- 
er bits, and a different encryption pattern being 
used for each destination network termination, 
the circuit comprising; 

a microprocessing unit for performing the 
generating and verifying of the new encryption 
patterns; and 

a memory device for storing and retrieval 
of active encryption pattern information, the 
memory device being connected to the process- 
ing unit, wherein the processing unit generates a 
new encryption pattern for a particular network 
termination which is verified by sequentially proc- 
essing it with each of the active encryption pat- 
terns to detect -for potential, misdeliveries, and 
storing it in a respective location of the memory 
device if a potential misdelivery condition is not 
detected in each of the processing results, and 
generating a new encryption pattern to be veri- 
fied if any of the processing results Indicate po- 
tential misdeliveries. 

2. The circuit of claim 1 , further comprising: 

a pseudo-random number generator being 
connected to the processing unit for generating 
the new encryption patterns. 

3. The circuit of claim 1 or daim 2, wherein a format 
of the memory table having the encryption pat- 
terns at memory address locations correspond- 
ing to the addresses of the respective network 
terminations. 

4. A method of generating and evaluating pseudo- 
random encryption patterns for encrypting des- 
tinatbn address information contained in data 
cells or commands on a shared medium network, 
the network having a line termination and a plur- 
ality of network terminations, the method com- 
prising: 

generating a new pseudo-random encryp- 
tion pattern for the address information of data 
cells or commands destined for a particular net- 
work tennination, the address information con- 
taining the destination network termination ad- 
dress and additional identifier bits; 

generating a sum for each encrypted ad- 
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dress information for data cells or commands 
destined for the other network terminations by 
adding, using modulo 2 addition, the encrypted 
address information for the other network termin- 
ations with a portion of the new encryption pat- 
tern used for encrypting the address information; 
and 

comparing each sum with the address of 
the particular network temnlnatlon for which the 
new encryption pattern is generated, wherein if 
all sums are not equal to the address of the par- 
ticular network termination for which the pattern 
was generated, then the new encryption pattern 
Is valid and may be used in the network. 

5. The method of claim 4, further comprising: 
notifying the particular network termination of 
the new encryption pattern which has been gen- 
erated and determined valid for use of encrypting 
the address information for data cells and com- 
mands destined to that network termination. 

6. The method of claim 4 or claim 5, further compris- 
ing: storing the encryption patterns for the net- 
work termination in a memory device. 

7. The method of any of claims 4 to 6, wherein the 
method is repeatedly sequentially performed to 
generate and evaluate new encryption patterns 
corresponding to each network termination in the 
network. 

8. The method of any of claims 4 to 6, wherein the 
method is repeatedly randomly performed to gen- 
erate new encryption patterns corresponding to 
each network termination in the network. 

9. The method of any of claims 4 to 6, further com- 
prising: 

ranking each network termination based 
on the required level of security wherein new en- 
cryption patterns will be generated and tested 
more frequently for the network terminations re- 
quiring a higher level of security than those re- 
quiring a lesser level of security. 

10. A shared-medium network having privacy of traf- 
fic behavior comprising: 

a line termination transmitting data cells or 
command on the network; 

a plurality of network terminations for re- 
ceiving the data cells and commands, wherein 
the data cells and commands contain address in- 
formation of the destination network termination 
for the data cell or command, the address infor- 
mation being the destination network termination 
address and additional identifier bits, and where- 
in the address field is encrypted using a particu- 



lar pseudo-random encryption pattern based on 
the destination network termination. 

11. The network of claim 10, wherein the data con- 
5 talned in the additional identifier bits contains re- 
dundant information of particular bits in the des- 
tination network termination address. 

12. The network of claim 10, wherein the data con- 
10 tained in the additional identifier bits can be de- 
rived from the data in the destination network ter- 
mination address. 

13. The network of any of claims 10 to 12 wherein the 
15 data cells are asynchronous transfer mode cells. 
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